The present invention relates to data storage. More specifically, the invention relates to utilizing a decrypter, downstream in the data path from the place where data was encrypted, for securely and efficiently storing encrypted data blocks.
End-to-end encryption is the process of encrypting data close to the source before committing it to storage. This encryption process has become increasingly prevalent due to security concerns regarding third-party storage or cloud providers, domain-specific regulations mandating the encryption of sensitive data, the need to ensure secure deletion of data, and its requirement in high-security data centers.
Encrypting data is limiting, however, in that the majority of storage efficiency functions do not achieve their intended purpose when operating on encrypted data. Encryption maximizes the entropy of the ciphertext, and as a consequence the ciphertext cannot be compressed. Furthermore, encryption of the same data block in two different files or two different locations results in different ciphertexts, so standard deduplication attempts fail.
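The following added example (not part of the original text) measures both effects described above on constructed sample data: compression ratio and the number of unique block fingerprints, before and after encryption. The 4 KiB block size, the per-file/per-offset nonce, and the SHA-256-based keystream (a toy stand-in for a real cipher such as AES-CTR) are assumptions made for illustration.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed block size for this example


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR-style cipher: XOR data with SHA-256(key || nonce || counter).
    Stand-in for a real cipher such as AES-CTR; not for production use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size (1.0 means no gain)."""
    return len(zlib.compress(data, 9)) / len(data)


def unique_blocks(blocks) -> int:
    """Number of distinct blocks a fingerprint-based deduplicator would keep."""
    return len({hashlib.sha256(b).digest() for b in blocks})


def demo() -> dict:
    # Constructed sample data: two files holding the same two repeated blocks.
    b0 = (b"customer record, status=active\n" * 200)[:BLOCK]
    b1 = (b"customer record, status=closed\n" * 200)[:BLOCK]
    files = {"fileA": [b0, b1, b0, b1], "fileB": [b0, b1, b0, b1]}
    key = hashlib.sha256(b"constructed demo key").digest()
    plain, cipher = [], []
    for name, blocks in files.items():
        for idx, blk in enumerate(blocks):
            # Assumed scheme: the nonce depends on file and offset, so the
            # same plaintext block encrypts differently at each location.
            nonce = hashlib.sha256(f"{name}:{idx}".encode()).digest()[:16]
            ct = keystream_xor(key, nonce, blk)
            assert keystream_xor(key, nonce, ct) == blk  # round-trip check
            plain.append(blk)
            cipher.append(ct)
    return {
        "blocks": len(plain),
        "plain_unique": unique_blocks(plain),
        "cipher_unique": unique_blocks(cipher),
        "plain_ratio": compression_ratio(b"".join(plain)),
        "cipher_ratio": compression_ratio(b"".join(cipher)),
    }


if __name__ == "__main__":
    print(demo())
```
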